Re: [Declude.JunkMail] IPBYPASS not working
Andrew, I think you should start by turning off the Disable insertion of InterScan Received: header when processing messages. This is on the Advanced Options of the GUI, or in the intscan.ini in the [EMail-Scan] section by setting DisabledReceivedHeader=no. That is not available in the Unix version of VirusWall that we are using. InterScan v3.8 for UNIX Version Information : Scan Engine: 5.600-1011 Pattern Number: 600 SMTP version: 3.8-Build_1080 FTP version: 3.8-Build_1080 HTTP version: 3.8-Build_1080 Then put in an IPBYPASS for that IP, which you say is 10.0.0.14 That is already configured as such. And FWIW, the Trend Micro InterScan VirusWall SMTP module does not gateway the TCP connection. It is a normal mail relay. It behaves as a normal MTA, receiving the entire message and committing it to disk before it scans the message for a virus. The confusing bit is that it happens to have a feature that it can happily forward mail to any port you specify (instead of just tcp/25), which is a convenience for many who want to run the VirusWall on the same box as their usual MTA. That is true of VirusWall NT (which we used to implement), but is not true of VirusWall Linux. When you telnet to VirusWall Linux, you recieve the SMTP greeting from IMail. If IMail is not running, you cannot establish a connection to VirusWall Unix. -- Thomas Kishel, Department Head - Systems Larson Texts, Inc. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] IPBYPASS not working
Scott, The question here is What do you want IPBYPASS to do? We are using TrendMicro's VirusWall in front of our IMail server. It's SMTP service appears to gateway a tcp connection between the sending and receiving mail servers. Therefore, IMail sees incoming connections with the sending server representing itself with its configured host name but with the IP address of the gateway. I have configured Declude (1.75) to IPBYPASS that address, but the SPAMDOMAINS test always fails. Are my expectations unrealistic considering my environment, or is SPAMDOMAINS not honoring IPBYPASS? -- Topology: Internet - Firewall [(NAT) 208.20.231.2 - 10.0.0.2] - TrendMicro VirusWall [10.0.0.14] - Declude-IMail [10.0.0.4] -- Headers: Received: from web80703.mail.yahoo.com [10.0.0.14] by email.meridiancg.com (SMTPD32-8.00) id AD711A3011C; Wed, 06 Aug 2003 09:06:57 -0400 Message-ID: [EMAIL PROTECTED] Received: from [208.20.231.2] by web80703.mail.yahoo.com via HTTP; Wed, 06 Aug 2003 06:09:53 PDT Date: Wed, 6 Aug 2003 06:09:53 -0700 (PDT) From: Thomas Kishel [EMAIL PROTECTED] Subject: Test -- Declude Log: 08/06/2003 09:06:59 Qfd7101a3011ca7cd Msg failed SPAMDOMAINS (Spamdomain 'yahoo.com' found: Address of [EMAIL PROTECTED] sent from invalid .). Action=LOG. 08/06/2003 09:06:59 Qfd7101a3011ca7cd Subject: Test 08/06/2003 09:06:59 Qfd7101a3011ca7cd From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 10.0.0.14 ID: -- IMail Log: SMTPD (01A3011C) [10.0.0.4] connect 10.0.0.14 port 42167 SMTPD (01A3011C) [10.0.0.14] HELO web80703.mail.yahoo.com SMTPD (01A3011C) [10.0.0.14] MAIL FROM:[EMAIL PROTECTED] SMTPD (01A3011C) [10.0.0.14] RCPT TO:[EMAIL PROTECTED] -- Thomas Kishel, Department Head - Systems Larson Texts, Inc. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
